Skip to main content Link Menu Expand (external link) Document Search Copy Copied


Authentication with the Sessions API is carried out using the X-Api-Key HTTP request header.

This header must be included in every request submitted to the API.

Every user with access to the Sessions API has their own API key. You can retrieve your API key from your profile in the Zuko app, here.

If there is no API key shown on your profile page, you have not been granted API access yet. Reach out to your account manager to request access.

Your API key allows access to your organisation’s data in Zuko. You should therefore protect it and ensure that it is not committed in any code-repositories or shared with anyone else. Treat it as you would treat your login password.


curl --header "X-Api-Key: REPLACE_WITH_YOUR_API_KEY"

Note: This is different to the Form UUID.